Re: Why the restriction on unauthenticated GET in CORS?

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 20 Jul 2012 09:59:58 -0700
Message-ID: <CAJE5ia85_bh4ZUZYWZ7ASssDqFiq0pqjZBcj2P5mS5y2+thttA@mail.gmail.com>
To: Cameron Jones <cmhjones@gmail.com>
Cc: Anne van Kesteren <annevk@annevk.nl>, Henry Story <henry.story@bblfish.net>, Ian Hickson <ian@hixie.ch>, public-webapps <public-webapps@w3.org>, public-webappsec@w3.org

On Fri, Jul 20, 2012 at 9:55 AM, Cameron Jones <cmhjones@gmail.com> wrote:
> On Fri, Jul 20, 2012 at 4:50 PM, Adam Barth <w3c@adambarth.com> wrote:
>> On Fri, Jul 20, 2012 at 4:37 AM, Cameron Jones <cmhjones@gmail.com> wrote:
>>> So, this is a non-starter. Thanks for all the fish.
>>
>> That's why we have the current design.
>
> Yes, I note the use of the word "current" and not "final".
>
> Ethics are a starting point for designing technology responsibly. If
> the goals cannot be met for valid technological reasons then that is
> an unfortunate outcome and one that should be avoided at all costs.
>
> The costs of supporting legacy systems have real financial implications
> notwithstanding an ethical ideology. If those costs become too great,
> legacy systems lose their impenetrable pedestal.
>
> The architectural impact of supporting non-maintained legacy
> systems is that web proxy intermediates are something we will all have
> to live with.

Welcome to the web.  We support legacy systems.  If you don't want to
support legacy systems, you might not enjoy working on improving the
web platform.

Adam
Received on Friday, 20 July 2012 17:00:58 GMT